Sunday, July 7, 2013

Google Transparency Report: Safe Browsing

Google, the search engine giant, announced on its Online Security Blog that it is expanding its Transparency Report to include Safe Browsing statistics.

The data is a little short on definition, but it does give some interesting insights into which hosting providers are doing the worst job of keeping their IP space clean.

The new data is based on the Safe Browsing programme, which combines scanning by Google and reports from the wider web world to keep tabs on where the bad stuff is at; browsers use the data to filter search results, to protect their users from potential malware and phishing.




According to the search company's statistics, over the last three months, the AS of Webair Internet Development Inc (36057) has had 3,333 of its sites scanned by Google and 43% of them have been found to be leading to or hosting malware. 



Thursday, July 4, 2013

Bluebox: Uncovering Android Master Key That Makes 99% of Devices Vulnerable

The Bluebox Security research team – Bluebox Labs – recently discovered a vulnerability in Android’s security model that allows a hacker to modify APK code without breaking an application’s cryptographic signature, to turn any legitimate application into a malicious Trojan, completely unnoticed by the app store, the phone, or the end user. The implications are huge! This vulnerability, around at least since the release of Android 1.6 (codename: “Donut”), could affect any Android phone released in the last 4 years – or nearly 900 million devices – and depending on the type of application, a hacker can exploit the vulnerability for anything from data theft to creation of a mobile botnet.

While the risk to the individual and the enterprise is great (a malicious app can access individual data, or gain entry into an enterprise), this risk is compounded when you consider applications developed by the device manufacturers (e.g. HTC, Samsung, Motorola, LG) or third-parties that work in cooperation with the device manufacturer (e.g. Cisco with AnyConnect VPN) – that are granted special elevated privileges within Android – specifically System UID access. [ Full Details]

Bluebox researchers delivered their presentation in a talk at Black Hat USA 2013:
"Android Reverse Engineering and Defenses" [PDF]

Wednesday, March 13, 2013

PayPal Email Scam - 13-March-2013

PayPal fraud is very common and there seems to be a new scam every day. Usually, a phishing scam email will have a fake story that is designed to lure the victim into clicking a link or button in the email or calling a phone number.

The sender is trying to steal your identity by tricking you into revealing your password or other personal information, either by phone or by clicking links to external websites where you complete forms asking for personal details.

Example:

Details 
External website or phishing website links hxxxp://cancerwarriorsfoundation.org/modules/mod_xsystemx/wps.php?pprec

174.122.174.221



Tuesday, March 12, 2013

[CVE-2013-1814] Apache Rave exposes User over API

CVE-2013-1814: Apache Rave exposes User over API

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
Rave 0.11 to 0.20

Description:
Rave returns the full user object, including the salted and hashed
password, via the User RPC API.  This endpoint is only available to
authenticated users, but will return all User objects in the database
given the correct query.

Mitigation:
All users who rely on Rave's user management capabilities should
upgrade to 0.20.1 or later.
If an upgrade is infeasible, restrict access to the /app/api/user URL
paths via Spring Security configuration or other means.

Example:
A request to:

/app/api/rpc/users/get?offset=OFFSET

will return the following:

{"error":false,"errorMessage":null,"errorCode":"NO_ERROR","result":{"resultSet":[
{"entityId":1,"username":"canonical","email":"canonical () example com",
"displayName":"Canonical User","additionalName":"canonical","familyName":"User",
"givenName":"Canonical","honorificPrefix":null,"honorificSuffix":null,
"preferredName":null,"aboutMe":null,"status":"Single","addresses":[],
"organizations":[],"properties":[{"entityId":1,"type":"thumbnailUrl",
"value":"http://opensocial2.org:8080/collabapp/images/avatars/BillRanney.jpg",
"qualifier":null,"extendedValue":null,"primary":null,"id":"1"}],
"password":"$2a$10$TkEgze5kLy9nRlfd8PT1zunh6P1ND8WPjLojFjAMNgZMu1D9D1n4.",
"expired":false,"locked":false,"enabled":true,"openId":null,
"forgotPasswordHash":null,"forgotPasswordTime":null,
"defaultPageLayout":{"entityId":4,"code":"columns_3","numberOfRegions":3,
"renderSequence":3,"userSelectable":true},"confirmPassword":null,
"defaultPageLayoutCode":null,"authorities":[{"entityId":2,
"authority":"ROLE_ADMIN","users":[],"defaultForNewUser":false}],"id":"1",
"accountNonLocked":true,"credentialsNonExpired":true,"accountNonExpired":true},
........ ],"pageSize":10,"offset":0,"totalResults":14,"numberOfPages":2,
"currentPage":1}}
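
A regression check for this class of leak, as an added example that is not part of the advisory or of Rave's own code: it walks a decoded API response and reports the JSON path of every populated credential field or bcrypt-shaped string. The field names come from the response above; the function names, the sample bodies and the placeholder hash are constructed for the example.

```python
import json
import re

# Field names come from the response shown above; extend for your own schema.
SENSITIVE_KEYS = {"password", "confirmPassword", "forgotPasswordHash"}
# bcrypt modular-crypt string: $2a$, $2b$, $2x$ or $2y$, two-digit cost, 53 chars.
BCRYPT_RE = re.compile(r"^\$2[abxy]\$\d{2}\$[./A-Za-z0-9]{53}$")


def find_credential_leaks(node, path="$"):
    """Return (json_path, reason) for every credential found in decoded JSON."""
    findings = []
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            if key in SENSITIVE_KEYS and value is not None:
                findings.append((child, "sensitive field populated"))
            elif isinstance(value, str) and BCRYPT_RE.match(value):
                findings.append((child, "bcrypt-shaped value"))
            else:
                findings.extend(find_credential_leaks(value, child))
    elif isinstance(node, list):
        for i, item in enumerate(node):
            findings.extend(find_credential_leaks(item, f"{path}[{i}]"))
    return findings


def audit(body):
    """Decode a raw response body and list its credential leaks."""
    return find_credential_leaks(json.loads(body))


# Constructed samples modelled on the response above; the hash is a placeholder.
FAKE_HASH = "$2a$10$" + "A" * 53
VULNERABLE = json.dumps({"error": False, "result": {"resultSet": [
    {"entityId": 1, "username": "canonical", "password": FAKE_HASH,
     "forgotPasswordHash": None, "confirmPassword": None,
     "authorities": [{"entityId": 2, "authority": "ROLE_ADMIN"}]},
    {"entityId": 2, "username": "second.user", "password": FAKE_HASH,
     "properties": [{"type": "note", "value": FAKE_HASH}]},
]}})
# Assumed shape of a response that no longer carries credentials.
CLEAN = json.dumps({"error": False, "result": {"resultSet": [
    {"entityId": 1, "username": "canonical", "password": None}]}})

if __name__ == "__main__":
    for path, reason in audit(VULNERABLE):
        print(f"LEAK {path}: {reason}")
    print("clean response findings:", audit(CLEAN))
```

Run against responses captured from your own deployment after upgrading or restricting the endpoint; an empty result means no credential material was serialized.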

Credit:
This issue was discovered by Andreas Guth of RWTH Aachen University.

References:
http://tomcat.apache.org/security.html
http://seclists.org/fulldisclosure/2013/Mar/127